May 14, 2015 at 16:12Personal data: dura lex, sed lex
Recently, the protection of personal data has become one of the most pressing issues for organizations. She is even considered one of the drivers for the development of the commercial data center market. However, there are still few ready-made offers of hosting services for information systems that process personal data according to the requirements of the law in the data center services market.
According to iKS-Consulting forecast, by 2018 the Russian data center market will almost double as compared to the beginning of 2015 and will exceed 26.3 billion rubles, and the number of installed racks in commercial data centers will increase to 48.3 thousand. Entry into force of the Federal Law No. 152 “ On personal data ”, which requires the storage of personal data on the territory of the Russian Federation, in the near future will become one of the key factors for its growth. In addition, toughening legislation in the financial and banking sectors, as well as increasing competition in the telecommunications and retail sectors and increased reliability requirements will push an increasing number of companies to use the services of commercial data centers.
According to PMR, in 2014, the market for commercial services of data centers in Russia reached 11.7 billion rubles, which is 20.4% more than a year earlier. Analysts associate this growth with the development of the domestic Internet economy and the increasing volume of data in corporate IT systems. The demand for colocation services has increased, when the provider places the client’s equipment in the data center, provides service and connects to communication channels. More than 50% of the costs of such services are accounted for by banks using third-party data centers to back up data and duplicate IT systems. Financial institutions, as a rule, rent an area for 5-15 racks.
Federal Law No. 152 “On Personal Data” (ФЗ-152), which regulates the processing (use) of personal data, was adopted by the State Duma on July 8, 2006 and approved by the Federation Council on July 14, 2006, and the president signed it on July 27, 2006. FZ-152, Article 1, Clause 1 governs the relations associated with the processing of personal data carried out by federal government bodies, government bodies of constituent entities of the Russian Federation, other state bodies, local authorities, other municipal bodies, legal entities and individuals using automation tools, including information and telecommunication networks.
In the summer of 2014, amendments were adopted obliging organizations to store personal data of Russians on servers located on the territory of Russia (Article 2 of Federal Law No. 242 of July 21, 2014 “On Amending Certain Legislative Acts of the Russian Federation in Part of Refining the Procedure for Processing Personal Data in information and telecommunication networks ”).
The law is strong, but it's law. It was assumed that the new rules will take effect on September 1, 2016. However, in September 2014, the State Duma Committee on Information Policy recommended approving the amendment, according to which the law was to begin to operate on January 1, 2015. But due to the fact that the business did not have time to prepare for the law to enter into force, in early December 2014, the State Duma finally postponed the deadline for September 2015.
The amendments affect not only online stores, social networks and organizations that provide travel services, but also all companies that somehow use foreign data centers in working with personal information of citizens. That is, this can affect almost any company, since almost all organizations are involved in the processing of personal data: at a minimum, it is the processing of the data of their employees.
According to the Federal Law-152 (Article 3, Clause 1), personal data is any information relating to a specific person (subject of personal data) defined or determined on the basis of such information, including surname, name, patronymic; year, month, date and place of birth; address, marital, social, property status, education, profession, income and other information. Personal data refers to restricted information and must be protected in accordance with the legislation of the Russian Federation.
Personal data is divided into four categories:
Meanwhile, Roskomnadzor has not yet clarified what is considered personal data. So, for example, it was recently proposed to expand this concept by including information on user actions on the Internet, for example, in social networks. The possibility of duplication of personal data on servers abroad remains unclear. The law does not contain specific provisions in this regard and responsibility for their violation. In the meantime, it turns out that under Russian law, any information can be considered personal data, even if we are talking about the name and surname in the email system.
A state, municipal body, legal or natural person, independently or jointly with other persons, organizing or carrying out the processing of personal data, are personal data operators. The processing of personal data is any action with them. In accordance with Part 1 of Art. 22 FZ-152, the operator must notify Roskomnadzor of its intention to process them before processing personal data. The exception is a few cases described in Part 2 of Art. 22 FZ-152.
For example, personal data operators include financial and insurance organizations, retailers using loyalty programs, medical institutions, educational institutions, social institutions, representative offices of foreign companies that process personal data of Russian citizens, as well as other organizations working with individuals.
What response measures will be applied to violators? This may be an administrative fine, inclusion of a company in the register of violators, or blocking of a site on which personal data is processed. The Roskomnadzor must maintain the “Register of violators of the rights of subjects of personal data”, and the basis for inclusion in the list will be a legally valid judicial act.
Where should personal data be stored and processed? Can their operator use the services of a third-party data center? How to prepare personal data operators to comply with the law? In general, the business community does not yet fully understand how to work under the new law - what kind of data is personal and subject to protection, whether it is possible to have copies of databases abroad, whether innovations will affect popular foreign services related to booking rooms in foreign hotels, booking taxi, tickets and representatives of other activities integrated into the global information space.
Roskomnadzor began to prepare by-laws with clarification of the provisions of laws that were ambiguously perceived by IT experts. So, for example, the department decided that personal data of Russians should be stored only in Russia, although there was no such requirement in the law.
Meanwhile, the world's leading IT companies have already begun to transfer the data of their Russian users to servers located in the territory of the Russian Federation. Among these companies are eBay, PayPal, AliExpress, Google, Visa and Mastercard. However, foreign Internet services do not have to transfer all the personal data of their Russian clients to Russia. Only new customer data should be stored here - received after September 1, when the law on their mandatory storage in Russia enters into force. This is a fairly small amount of data, which greatly simplifies the task.
According to the law FZ-242, when collecting personal data, including via the Internet, the operator is obliged to record, organize, accumulate, store, update, modify or retrieve personal data of Russian citizens using databases located in the Russian Federation. Personal data operators must not only store such information within the country, but also register with the relevant authorities, including indicating where the data is stored, and providing a number of other information, accept obligations to provide information from such databases to law enforcement agencies in accordance with the law the rules.
The current situation related to the law on the storage of personal data, in general, has a positive effect on companies-suppliers of data centers and cloud solutions. The adopted law on the storage of personal data in Russia has led to an increase in demand for data center services. According to market experts, the practice of building their own data centers in Russia by foreign companies will not be particularly popular, since they have the opportunity to place part of the load on the territory of the Russian Federation, working with large Russian providers.
In addition, there are options that allow foreign companies to remain in the legal field of the Russian Federation with minimal risks and costs. One solution is to provide cloud services that allow you to control the location of the data. It is the use of cloud data centers that will minimize risks and at the same time maximally quickly implement a range of measures to bring the mechanisms for storing and processing personal data of Russians in accordance with the Federal Law requirements .
In addition, during the crisis, budgets for the construction of their own infrastructure will be reduced, so the demand for virtual resources will increase. When renting IT resources, only consumed capacities are actually paid. This leads to cost optimization.
Companies often have a rather superficial understanding of the Law on Personal Data, have little idea of how to properly protect personal data, and what it takes to pass an audit of supervisory authorities.
Depending on the categories of personal data being processed, their volume and actual threats, measures are required to ensure their security, in particular, servers. Clients who want to fully comply with the requirements of the law and not have problems with regulatory authorities need to take into account the risks of placing their servers with personal data in a third-party data center and carefully choose the hosting provider.
It is necessary to check in detail the hosting for the availability of the necessary FSTEC licenses for technical protection of confidential information, FSB licenses for the provision of services using encryption (cryptographic) means, as well as the use of certified information protection means when providing hosting services.
Often people mistakenly think that the data center should be certified for compliance with FZ-152. The question of compliance of the data center with the requirements of FZ-152 “On personal data” is one of the most frequently asked by customers of the owners of commercial data centers. However, such certification for data centers does not exist. It is more correct to be interested in the compliance of data center services with the technical requirements for the protection of confidential information (TZKI) with the necessary level of security .
Customers planning to place personal data in a third-party data center can protect their personal data independently, with or without a legal adviser, or look for comprehensive data center services with personal data protection and legal services. The latter option is not yet widespread on the market and often does not meet all the requirements of the customer (technical, legal or commercial).
Do not think that the purchase of data center services that meet the requirements of FZ-152 is a sufficient condition for compliance with the law. TZKI must comply with the entire information system - from the physical security of equipment to software for storing and processing personal data. Certification for compliance with FZ-152 is individual in nature: the relevant projects include, along with the installation of software and hardware data protection, an audit of customer processes. At the same time, the personal data processing system and its protection systems are certified, and not the data center as such.
In addition to the technical protection of personal data, the law imposes a number of administrative requirements, most of which boil down to the presence in the company of certain documents that need to be kept up to date. They are necessary in order to be tested by Roskomnadzor.
Comprehensive offers on the market, combining data center services, providing technical protection of confidential data, documentation and legal consulting, are still few. As a rule, data centers are aimed at providing technical services, but rarely provide full-fledged legal services without adequate expertise.
And this is one of the reasons why, despite the obvious relevance and demand for hosting services of information systems that process personal data according to the requirements of the law, there are still few ready-made offers on the data center services market. One of the first such offers on the Russian market was the “secure virtual data center” (VDC.152) service of SAFEDATA.
VDC.152 is a separate, secure virtual infrastructure for hosting and processing personal data. Based on the resources of the virtual data center, the customer can create an IT infrastructure of any complexity. The VDC service is built according to the IaaS model . VDC infrastructure is built on the basis of a network of data centers SAFEDATA, hardware and software solutions from leading manufacturers.
The VDC.152 service is intended for customers whose business processes are associated with the processing and storage of personal data of Russian citizens. It was developed taking into account all the requirements for these processes.
It is important that VDC.152 may include certification of a virtualization platform, data storage systems, hypervisors and a management system, providing security services to customers based on certified security features . The customer can perform the certification of the information system independently or with the help of SAFEDATA specialists who prepare all the necessary documentation. Certification of the personal data information system based on the VDC.152 service is carried out by the licensee of the FSTEC of Russia.
The “Secure Virtual Data Center” service frees the personal data operator from a significant share of the cost of creating its own secure IT infrastructure. It allows customers to use the IT resources and software of the provider, and highly qualified staff provides support for IT infrastructure in 24x7 mode. Additional benefits for the client are that he does not need to update the IT infrastructure himself in accordance with the current changes in the law - this is done by the data center operator.
This service is relevant for many categories of customers and types of information systems, including online stores, HR systems, marketing research systems, medical systems, billing and service management systems, etc. It can be claimed by all law-abiding personal data operators who want to bring personal data in accordance with the requirements of FZ-152.
The complex of organizational and technical measures provides comprehensive protection against various threats from the service personnel and from other clients of the data center. The system is ready for certification by the FSB and FSTEC as fully meeting all the requirements for placing personal data, and SAFEDATA acts as a service provider that provides this system according to the IaaS model for personal data operators.
A secure virtual infrastructure that meets the requirements of FZ-152 is located in the data center level TIER III (TIA-942). The protection of ISPD infrastructure elements is carried out by software and hardware certified by the FSTEC (non-cryptographic SZI) and the FSB (cryptographic SZI).
The architecture of VDC.152 includes a hardware platform (servers, network equipment), a storage network (storage and switching equipment), and software - virtualization system software, resource and virtual environment management system, virtual machines (operating system and application software) . For secure access, an encrypted tunnel (according to GOST) and equipment certified by the FSTEC are used. Information security is provided by the VipNet Coordinator HW 1000 cryptographic gateway and firewall, Accord-V SSD for ESXi servers, information protection tools for virtual infrastructure based on VMware vSphere systems (Accord-V SSD for vCenter), as well as an antivirus , firewall, intrusion detection and prevention system Trend Micro Deep Security 8.0.
It is also worth noting that the SAFEDATA group owns a network of data centers built in accordance with the requirements of international standards TIA-942 (TIER III). SAFEDATA data centers with a total area of more than 5500 sq.m. and the area of technological platforms for equipment placement 3000 sq.m. have a connection to MMTS-9 and MMTS-10, traffic exchange points MSK-IX.
According to surveys, at present, most data center service providers provide for the conclusion of SLA agreements with customers . In the case of a protected virtual data center from SAFEDATA, specific metrics are fixed in it in terms of availability, IOPS, time of VM access to disk drives, technical support, etc.
Service Level VDC.152 (SLA).
In addition, one of the SAFEDATA data centers confirmed compliance with the PCI DSS 3.0 standard regarding physical security. This platform is open to host computing power and network equipment of participants in the payment card industry. The service provider takes care of the physical protection of the servers involved in the processing of bank card payment transactions. This certification is important for customers in the financial industry.
Each operator of personal data needs to choose a solution that is suitable for him. VDC.152 is not only compliance with the legislation on the protection of personal data without the purchase and operation of technical means of protection (ISPD protection), but also scalability without capital costs and in a short time, continuous technical support. VDC.152 service can be the best option for customers in a number of ways. Moreover, SAFEDATA is responsible for preparing a set of documents and services for certification of a solution.
Our previous post:
- Data Center SAFEDATA: three in one. Chronicles of Migration
According to iKS-Consulting forecast, by 2018 the Russian data center market will almost double as compared to the beginning of 2015 and will exceed 26.3 billion rubles, and the number of installed racks in commercial data centers will increase to 48.3 thousand. Entry into force of the Federal Law No. 152 “ On personal data ”, which requires the storage of personal data on the territory of the Russian Federation, in the near future will become one of the key factors for its growth. In addition, toughening legislation in the financial and banking sectors, as well as increasing competition in the telecommunications and retail sectors and increased reliability requirements will push an increasing number of companies to use the services of commercial data centers.
According to PMR, in 2014, the market for commercial services of data centers in Russia reached 11.7 billion rubles, which is 20.4% more than a year earlier. Analysts associate this growth with the development of the domestic Internet economy and the increasing volume of data in corporate IT systems. The demand for colocation services has increased, when the provider places the client’s equipment in the data center, provides service and connects to communication channels. More than 50% of the costs of such services are accounted for by banks using third-party data centers to back up data and duplicate IT systems. Financial institutions, as a rule, rent an area for 5-15 racks.
Keep at home
Federal Law No. 152 “On Personal Data” (ФЗ-152), which regulates the processing (use) of personal data, was adopted by the State Duma on July 8, 2006 and approved by the Federation Council on July 14, 2006, and the president signed it on July 27, 2006. FZ-152, Article 1, Clause 1 governs the relations associated with the processing of personal data carried out by federal government bodies, government bodies of constituent entities of the Russian Federation, other state bodies, local authorities, other municipal bodies, legal entities and individuals using automation tools, including information and telecommunication networks.
In the summer of 2014, amendments were adopted obliging organizations to store personal data of Russians on servers located on the territory of Russia (Article 2 of Federal Law No. 242 of July 21, 2014 “On Amending Certain Legislative Acts of the Russian Federation in Part of Refining the Procedure for Processing Personal Data in information and telecommunication networks ”).
The law is strong, but it's law. It was assumed that the new rules will take effect on September 1, 2016. However, in September 2014, the State Duma Committee on Information Policy recommended approving the amendment, according to which the law was to begin to operate on January 1, 2015. But due to the fact that the business did not have time to prepare for the law to enter into force, in early December 2014, the State Duma finally postponed the deadline for September 2015.
The amendments affect not only online stores, social networks and organizations that provide travel services, but also all companies that somehow use foreign data centers in working with personal information of citizens. That is, this can affect almost any company, since almost all organizations are involved in the processing of personal data: at a minimum, it is the processing of the data of their employees.
Personal data
According to the Federal Law-152 (Article 3, Clause 1), personal data is any information relating to a specific person (subject of personal data) defined or determined on the basis of such information, including surname, name, patronymic; year, month, date and place of birth; address, marital, social, property status, education, profession, income and other information. Personal data refers to restricted information and must be protected in accordance with the legislation of the Russian Federation.
Personal data is divided into four categories:
- Personal data regarding race, nationality, political views, religious and philosophical beliefs, state of health, intimate life.
- Personal data, allowing to identify the subject of personal data and to receive additional information about him, with the exception of those belonging to category 1.
- Personal data to identify the subject of personal data.
- Anonymous and / or publicly available personal data.
Meanwhile, Roskomnadzor has not yet clarified what is considered personal data. So, for example, it was recently proposed to expand this concept by including information on user actions on the Internet, for example, in social networks. The possibility of duplication of personal data on servers abroad remains unclear. The law does not contain specific provisions in this regard and responsibility for their violation. In the meantime, it turns out that under Russian law, any information can be considered personal data, even if we are talking about the name and surname in the email system.
Personal Data Operators
A state, municipal body, legal or natural person, independently or jointly with other persons, organizing or carrying out the processing of personal data, are personal data operators. The processing of personal data is any action with them. In accordance with Part 1 of Art. 22 FZ-152, the operator must notify Roskomnadzor of its intention to process them before processing personal data. The exception is a few cases described in Part 2 of Art. 22 FZ-152.
For example, personal data operators include financial and insurance organizations, retailers using loyalty programs, medical institutions, educational institutions, social institutions, representative offices of foreign companies that process personal data of Russian citizens, as well as other organizations working with individuals.
What response measures will be applied to violators? This may be an administrative fine, inclusion of a company in the register of violators, or blocking of a site on which personal data is processed. The Roskomnadzor must maintain the “Register of violators of the rights of subjects of personal data”, and the basis for inclusion in the list will be a legally valid judicial act.
Data moves to Russia
Where should personal data be stored and processed? Can their operator use the services of a third-party data center? How to prepare personal data operators to comply with the law? In general, the business community does not yet fully understand how to work under the new law - what kind of data is personal and subject to protection, whether it is possible to have copies of databases abroad, whether innovations will affect popular foreign services related to booking rooms in foreign hotels, booking taxi, tickets and representatives of other activities integrated into the global information space.
Roskomnadzor began to prepare by-laws with clarification of the provisions of laws that were ambiguously perceived by IT experts. So, for example, the department decided that personal data of Russians should be stored only in Russia, although there was no such requirement in the law.
Meanwhile, the world's leading IT companies have already begun to transfer the data of their Russian users to servers located in the territory of the Russian Federation. Among these companies are eBay, PayPal, AliExpress, Google, Visa and Mastercard. However, foreign Internet services do not have to transfer all the personal data of their Russian clients to Russia. Only new customer data should be stored here - received after September 1, when the law on their mandatory storage in Russia enters into force. This is a fairly small amount of data, which greatly simplifies the task.
According to the law FZ-242, when collecting personal data, including via the Internet, the operator is obliged to record, organize, accumulate, store, update, modify or retrieve personal data of Russian citizens using databases located in the Russian Federation. Personal data operators must not only store such information within the country, but also register with the relevant authorities, including indicating where the data is stored, and providing a number of other information, accept obligations to provide information from such databases to law enforcement agencies in accordance with the law the rules.
The current situation related to the law on the storage of personal data, in general, has a positive effect on companies-suppliers of data centers and cloud solutions. The adopted law on the storage of personal data in Russia has led to an increase in demand for data center services. According to market experts, the practice of building their own data centers in Russia by foreign companies will not be particularly popular, since they have the opportunity to place part of the load on the territory of the Russian Federation, working with large Russian providers.
In addition, there are options that allow foreign companies to remain in the legal field of the Russian Federation with minimal risks and costs. One solution is to provide cloud services that allow you to control the location of the data. It is the use of cloud data centers that will minimize risks and at the same time maximally quickly implement a range of measures to bring the mechanisms for storing and processing personal data of Russians in accordance with the Federal Law requirements .
In addition, during the crisis, budgets for the construction of their own infrastructure will be reduced, so the demand for virtual resources will increase. When renting IT resources, only consumed capacities are actually paid. This leads to cost optimization.
Choosing a Service Provider
Companies often have a rather superficial understanding of the Law on Personal Data, have little idea of how to properly protect personal data, and what it takes to pass an audit of supervisory authorities.
Depending on the categories of personal data being processed, their volume and actual threats, measures are required to ensure their security, in particular, servers. Clients who want to fully comply with the requirements of the law and not have problems with regulatory authorities need to take into account the risks of placing their servers with personal data in a third-party data center and carefully choose the hosting provider.
It is necessary to check in detail the hosting for the availability of the necessary FSTEC licenses for technical protection of confidential information, FSB licenses for the provision of services using encryption (cryptographic) means, as well as the use of certified information protection means when providing hosting services.
Often people mistakenly think that the data center should be certified for compliance with FZ-152. The question of compliance of the data center with the requirements of FZ-152 “On personal data” is one of the most frequently asked by customers of the owners of commercial data centers. However, such certification for data centers does not exist. It is more correct to be interested in the compliance of data center services with the technical requirements for the protection of confidential information (TZKI) with the necessary level of security .
Customers planning to place personal data in a third-party data center can protect their personal data independently, with or without a legal adviser, or look for comprehensive data center services with personal data protection and legal services. The latter option is not yet widespread on the market and often does not meet all the requirements of the customer (technical, legal or commercial).
Do not think that the purchase of data center services that meet the requirements of FZ-152 is a sufficient condition for compliance with the law. TZKI must comply with the entire information system - from the physical security of equipment to software for storing and processing personal data. Certification for compliance with FZ-152 is individual in nature: the relevant projects include, along with the installation of software and hardware data protection, an audit of customer processes. At the same time, the personal data processing system and its protection systems are certified, and not the data center as such.
In addition to the technical protection of personal data, the law imposes a number of administrative requirements, most of which boil down to the presence in the company of certain documents that need to be kept up to date. They are necessary in order to be tested by Roskomnadzor.
Comprehensive offers on the market, combining data center services, providing technical protection of confidential data, documentation and legal consulting, are still few. As a rule, data centers are aimed at providing technical services, but rarely provide full-fledged legal services without adequate expertise.
And this is one of the reasons why, despite the obvious relevance and demand for hosting services of information systems that process personal data according to the requirements of the law, there are still few ready-made offers on the data center services market. One of the first such offers on the Russian market was the “secure virtual data center” (VDC.152) service of SAFEDATA.
Secure Virtual Data Center
VDC.152 is a separate, secure virtual infrastructure for hosting and processing personal data. Based on the resources of the virtual data center, the customer can create an IT infrastructure of any complexity. The VDC service is built according to the IaaS model . VDC infrastructure is built on the basis of a network of data centers SAFEDATA, hardware and software solutions from leading manufacturers.
The VDC.152 service is intended for customers whose business processes are associated with the processing and storage of personal data of Russian citizens. It was developed taking into account all the requirements for these processes.
It is important that VDC.152 may include certification of a virtualization platform, data storage systems, hypervisors and a management system, providing security services to customers based on certified security features . The customer can perform the certification of the information system independently or with the help of SAFEDATA specialists who prepare all the necessary documentation. Certification of the personal data information system based on the VDC.152 service is carried out by the licensee of the FSTEC of Russia.
The “Secure Virtual Data Center” service frees the personal data operator from a significant share of the cost of creating its own secure IT infrastructure. It allows customers to use the IT resources and software of the provider, and highly qualified staff provides support for IT infrastructure in 24x7 mode. Additional benefits for the client are that he does not need to update the IT infrastructure himself in accordance with the current changes in the law - this is done by the data center operator.
This service is relevant for many categories of customers and types of information systems, including online stores, HR systems, marketing research systems, medical systems, billing and service management systems, etc. It can be claimed by all law-abiding personal data operators who want to bring personal data in accordance with the requirements of FZ-152.
The complex of organizational and technical measures provides comprehensive protection against various threats from the service personnel and from other clients of the data center. The system is ready for certification by the FSB and FSTEC as fully meeting all the requirements for placing personal data, and SAFEDATA acts as a service provider that provides this system according to the IaaS model for personal data operators.
A secure virtual infrastructure that meets the requirements of FZ-152 is located in the data center level TIER III (TIA-942). The protection of ISPD infrastructure elements is carried out by software and hardware certified by the FSTEC (non-cryptographic SZI) and the FSB (cryptographic SZI).
The architecture of VDC.152 includes a hardware platform (servers, network equipment), a storage network (storage and switching equipment), and software - virtualization system software, resource and virtual environment management system, virtual machines (operating system and application software) . For secure access, an encrypted tunnel (according to GOST) and equipment certified by the FSTEC are used. Information security is provided by the VipNet Coordinator HW 1000 cryptographic gateway and firewall, Accord-V SSD for ESXi servers, information protection tools for virtual infrastructure based on VMware vSphere systems (Accord-V SSD for vCenter), as well as an antivirus , firewall, intrusion detection and prevention system Trend Micro Deep Security 8.0.
It is also worth noting that the SAFEDATA group owns a network of data centers built in accordance with the requirements of international standards TIA-942 (TIER III). SAFEDATA data centers with a total area of more than 5500 sq.m. and the area of technological platforms for equipment placement 3000 sq.m. have a connection to MMTS-9 and MMTS-10, traffic exchange points MSK-IX.
According to surveys, at present, most data center service providers provide for the conclusion of SLA agreements with customers . In the case of a protected virtual data center from SAFEDATA, specific metrics are fixed in it in terms of availability, IOPS, time of VM access to disk drives, technical support, etc.
Service Level VDC.152 (SLA).
In addition, one of the SAFEDATA data centers confirmed compliance with the PCI DSS 3.0 standard regarding physical security. This platform is open to host computing power and network equipment of participants in the payment card industry. The service provider takes care of the physical protection of the servers involved in the processing of bank card payment transactions. This certification is important for customers in the financial industry.
Each operator of personal data needs to choose a solution that is suitable for him. VDC.152 is not only compliance with the legislation on the protection of personal data without the purchase and operation of technical means of protection (ISPD protection), but also scalability without capital costs and in a short time, continuous technical support. VDC.152 service can be the best option for customers in a number of ways. Moreover, SAFEDATA is responsible for preparing a set of documents and services for certification of a solution.
Our previous post:
- Data Center SAFEDATA: three in one. Chronicles of Migration